One of 2017’s least helpful trends, for pretty much any definition of helpful, was the rise of so-called “cryptojacking” extensions and scripts. There was some hope, early on, that mining a cryptocurrency in one’s web browser while surfing a site could represent a better method of generating income than the eternal war between ad blockers and websites (a battle neither side wins, nor is necessarily even pleased with). But that fragile hope has been dashed. Cryptojacking, the use of drive-by cryptocurrency mining scripts embedded in websites to burn CPU cycles and power of visiting users without their consent, had already become popular last year. It’s apparently reached such proportions that now even Google is taking a hand to stop it.
According to a new post at the Chromium Blog, cryptocurrency miners will no longer be allowed on the platform. In the past, Google did allow such use, provided that the extension was deployed solely for mining and this information was disclosed to the user up-front. “Unfortunately,” writes James Wagner, the company’s extensions platform product manager, “approximately 90 percent of all extensions with mining scripts that developers have attempted to upload to Chrome Web Store have failed to comply with these policies, and have been either rejected or removed from the store.”
Starting today, the Chrome Web Store will no longer accept cryptocurrency mining extensions. Existing extensions that were previously approved will be stripped in late June. Extensions that perform other tasks or are related to the blockchain in a fashion other than mining will continue to work normally.
Google, it seems, is a bit unhappy with how this experiment in permissiveness turned out. That might have something to do with news that surfaced some months ago, about popular extensions being sold to individuals who then updated them with cryptocurrency miners, hoping that end users would never be the wiser. That kind of end run around user intent is about as hostile as you can get.
It was never clear if there was a realistic path to cryptocurrency mining as a way to funnel cash to legitimate websites. Fundamental issues, like the impact on system power consumption, battery life, and the very real difficulty of trying to create some kind of equitable framework for assigning mining work across multiple browsers and sites hadn’t been solved. The best-case might have been a third-party tool that would distribute mining earnings to a site or series of sites, but this would’ve also made it trickier for sites to know which users and donators were associated with which accounts.
None of these problems were insurmountable. But with Google bringing down the banhammer — and to be clear, we agree with its decision, given the user-hostile nature of cryptojacking — we won’t be finding out anytime soon.
Click-Fraud Chrome Extensions Removed from Store After 500,000 Downloads
Researchers from security firm ICEBRG report finding a cluster of scam extensions in the Google Web Store with a combined download figure of more than 500,000.
Flaw in Grammarly Browser Extension Exposed User Documents
Grammarly promises to catch your typos and grammatical errors, but for a while, it was also exposing your personal documents to potential snooping by any website you visited.
Microsoft Releases Defender Extension for Chrome
Just add it to Chrome, and you have what Microsoft assures everyone are more effective safe browsing tools.